Distributed setup

Albrecht Dreß albrecht.dress at lios-tech.com
Sun Aug 3 13:55:12 CEST 2008


Dear Alain:

Thanks a lot for your reply...

"Alain Spineux" <aspineux at gmail.com> wrote: 
> On Thu, Jul 31, 2008 at 10:35 AM, Albrecht Dreß
>> I would like to install Kolab 2.2 on /two/ Ubuntu Hardy machines in a
>> "distributed" way:  box #1 shall have the Cyrus, Postfix and Apache related
>> stuff installed, and box #2 shall get all the rest.
> 
> This means ldap and Amavis will be on #2, this is a good balance!

I will probably omit the scanning stuff, as the incoming mail goes through
another externally hosted Linux box with Postfix, Mailscanner, Spamassassin and
ClamAV, so IMO I can omit the second check...

> Not a good argument, because OpenPkg and Kolab also have security in mind!

O.k., got your point. ;-)

> Do you know SELinux? If so, just translate the existing rules to the openpkg
> environment! If not, will you really learn and adapt SELinux for kolab?

I have some basic knowledge of SELinux...  One problem with Ubuntu Hardy is that
it does not come with really good SELinux support.  Using the policy coming with
it results in many avc messages (i.e. not usable in enforcing mode).  I tried
the "targeted" policy from Debian Etch (didn't try Lenny's yet) on another
Hardy box, also resulting in many messages.  However, as on the box #1, exposed
to the evil internet, only a few services will run, I think it should be
possible to tweak the targeted policy accordingly.  Box #2 will run much more
stuff apart from Kolab, which will probably be a much bigger problem, so I guess
I'll leave it in permissive mode first.

> I think the best is to install a full install on both, make it work on #1,
> then transfer features from #1 to #2 one by one

Well, yes, that's almost what I also was thinking about.  My question was if
there are already any experiences or howtos?

I don't understand the internal structure sufficiently; this approach should
work if the Kolab components communicate only through IPC (read: Internet Domain
Sockets).  If one component tweaks the config file of another one, though, then
they must obviously reside on the same box.

Does anyone have more insight into that?

Thanks, Albrecht.



